CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Affected Software

Name	Vendor	Start Version	End Version
Openssh	Openbsd	*	8.7 (including)
Openssh	Ubuntu	bionic	*
Openssh	Ubuntu	devel	*
Openssh	Ubuntu	esm-infra-legacy/trusty	*
Openssh	Ubuntu	esm-infra/bionic	*
Openssh	Ubuntu	esm-infra/xenial	*
Openssh	Ubuntu	fips-updates/bionic	*
Openssh	Ubuntu	fips-updates/focal	*
Openssh	Ubuntu	fips-updates/xenial	*
Openssh	Ubuntu	fips/bionic	*
Openssh	Ubuntu	fips/focal	*
Openssh	Ubuntu	fips/xenial	*
Openssh	Ubuntu	focal	*
Openssh	Ubuntu	hirsute	*
Openssh	Ubuntu	impish	*
Openssh	Ubuntu	jammy	*
Openssh	Ubuntu	trusty	*
Openssh	Ubuntu	trusty/esm	*
Openssh	Ubuntu	upstream	*
Openssh	Ubuntu	xenial	*
Openssh-ssh1	Ubuntu	bionic	*
Openssh-ssh1	Ubuntu	devel	*
Openssh-ssh1	Ubuntu	esm-apps/bionic	*
Openssh-ssh1	Ubuntu	esm-apps/focal	*
Openssh-ssh1	Ubuntu	esm-apps/jammy	*
Openssh-ssh1	Ubuntu	focal	*
Openssh-ssh1	Ubuntu	hirsute	*
Openssh-ssh1	Ubuntu	impish	*
Openssh-ssh1	Ubuntu	jammy	*
Openssh-ssh1	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20012
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References